eRA Commons 2-Factor Authentication

To make eRA user accounts more secure, eRA is requiring use of two-factor authentication instead of an eRA account username and password to access eRA modules (eRA Commons, Commons Mobile, ASSIST, Internet Assisted Review).

Switching to using two-factor authentication makes eRA user accounts more secure and helps maintain confidential information.

• Follow this process and use Login.gov for the initial setup
• and/or use an InCommon Federated account that supports NIH’s two-factor authentication standards

 

Starting on September 15, 2021, eRA will begin a phased approach for requiring the use of two-factor authentication for user accounts. The new timing of enforcing the requirement depends on the type of user account and a new triggering event. See NOT-OD-21-172.

The Type of User Account:

• This phased approach pertains to all scientific account holders but excludes administrative accounts until early 2022 (also see eRA Commons User Roles)

The Triggering Event:

• All PIs and key personnel associated with an application or Research Performance Progress Report (RPPR) will be required to transition to the use of two-factor authentication 45 days after the submission of their competing grant application (Type 1 or 2) or their RPPR.

Forty-five days after this triggering event, these users will not be able to access eRA systems until they set up and use a two-factor authentication service provider - Login.gov and/or an InCommon Federated account (that supports NIH’s two-factor authentication standards).

eRA will send reminder messages during the 45-day period to individual users who are required to transition to the new two-factor authentication requirement.